General
- Target: 1a4c97d4fa1fae3ad922d7a1dc9bcae1_JaffaCakes118
- Size: 197KB
- Sample: 240628-qra6xasane
- MD5: 1a4c97d4fa1fae3ad922d7a1dc9bcae1
- SHA1: 7b28c420894ec6c8ffd56b88873501dabaad99d8
- SHA256: 0b64d769dfae8b7447019788eb14760f869e1eb86edd107431032e5c255329a3
- SHA512: fa68c2ccd130a7f85865670bbcc365b82fcade53273d20514ee32d35028d300a9b447f8cdab2bef39454c3733ecd8605e85507ff8aca6868ac927feebc307502
- SSDEEP: 3072:aTUtZpaaUJ7FlxTTUXdu/6NIqxRcNQluHGpwSE+WsLpxK/5EBsSuZ81+:ucpavHIfNX18uwSE+/xK/5EBsSuZL
Behavioral task
- behavioral1
- Sample: 1a4c97d4fa1fae3ad922d7a1dc9bcae1_JaffaCakes118.exe
- Resource: win7-20231129-en
Malware Config
Extracted family: sality
C2 / callback URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 1a4c97d4fa1fae3ad922d7a1dc9bcae1_JaffaCakes118 (197KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)